In the United States, Customer Due Diligence (CDD) is a requirement of the Patriot Act and the Bank Secrecy Act. The Patriot Act requires due diligence by all domestic financial institutions that maintain, administer, or manage private banking accounts or correspondent accounts in the United States for all “non-United States persons.” As such, United States institutions must have appropriate, specific, and where necessary, enhanced due diligence policies, procedures and controls that are reasonably designed to detect and report instances of money laundering through those accounts.
Furthermore, the Patriot Act requires additional measures for correspondent accounts of foreign banks that either are licensed by particular jurisdictions or operate under offshore banking licenses. The particular jurisdictions specified by the Act are (1) jurisdictions designated by intergovernmental groups (such as the Financial Action Task Force) as non-cooperative with international anti-money laundering standards, and (2) jurisdictions designated by the U.S. Treasury Department as warranting special measures due to money laundering concerns. For correspondent accounts of foreign banks operating under the licenses described above, a U.S. financial institution has the following additional obligations: if shares of the correspondent foreign bank are not publicly traded, the U.S. financial institution must take reasonable steps to (1) identify each of the owners of the foreign bank, and (2) identify the nature and extent of each owner's interest.
The Bank Secrecy Act authorizes the U.S. Treasury Department to require financial institutions to maintain records of personal financial transactions that “have a high degree of usefulness in criminal, tax and regulatory investigations and proceedings.” Under the Bank Secrecy Act, the U.S. Treasury Department is authorized to require a financial institution to report (in a “Suspicious Activity Report”) any “suspicious transaction relevant to a possible violation of law or regulation.” Suspicious Activity Reports are filed secretly, without the consent or knowledge of bank customers, whenever a financial institution decides that a transaction is “suspicious.”
From a financial institution's point of view, the cornerstone of a strong Anti-Money Laundering and Bank Secrecy Act (AML/BSA) compliance program is the adoption and implementation of comprehensive customer policies, procedures and processes for all customers, particularly those that present a high risk for money laundering and terrorist financing. The objective of CDD procedures should be to enable the financial institution to predict with relative certainty the types of transactions in which a customer is likely to engage. These procedures assist the financial institution in determining when transactions are potentially suspicious. The concept of CDD begins with verifying the customer's identity and assessing the risks associated with that customer.
Furthermore, procedures should also include enhanced CDD for high-risk customers and ongoing due diligence of the customer base. Effective CDD policies, procedures and processes provide the critical framework that enables the financial institution to comply with regulatory requirements and to report suspicious activity.
CDD policies, procedures and processes are critical to the financial institution because they can aid in: (1) detecting and reporting unusual or suspicious transactions that potentially expose the financial institution to financial loss, increased expenses or reputational risk, thereby avoiding criminal exposure from persons who use or attempt to use the financial institution's products and services for illicit purposes; and (2) adhering to safe and sound banking practices. As such, the financial institution's AML/BSA policies, procedures and processes should include CDD guidelines that: (1) are commensurate with the financial institution's AML/BSA risk profile, paying particular attention to high-risk customers; (2) contain a clear statement of management's overall expectations and establish specific staff responsibilities, including who is responsible for reviewing or approving changes to a customer's risk rating or profile, as applicable; (3) ensure that the financial institution possesses sufficient customer information to implement an effective suspicious activity monitoring system; (4) provide guidance for documenting an analysis associated with the due diligence process, including guidance for resolving issues when insufficient or inaccurate information is obtained; and (5) ensure the financial institution maintains current customer information.
Furthermore, the financial institution's management should have a thorough understanding of the money laundering or terrorist financing risks of the financial institution's customer base. Under this approach, the financial institution should obtain information at account opening sufficient to develop an understanding of normal and expected activity for the customer's occupation or business operations. Much of the CDD information can be confirmed through an information-reporting agency, banking references (for larger accounts), correspondence and telephone conversations with the customer, and visits to the customer's place of business. Additional steps may include obtaining third-party references or researching public information (e.g., on the Internet or commercial databases). CDD procedures should include periodic monitoring of the customer relationship to determine whether there are substantive changes to the original CDD information (e.g., change in employment or business operations).
Customers that pose high money laundering or terrorist financing risks present increased exposure to financial institutions, so due diligence policies, procedures, and processes should be enhanced as a result. Enhanced due diligence for high-risk customers is especially critical in understanding their anticipated transactions and implementing a suspicious activity monitoring system that reduces the financial institution's reputation, compliance, and transaction risks. As such, high-risk customers and their transactions should be reviewed more closely at account opening and more frequently throughout the term of their relationship with the financial institution. Guidance to identify high-risk customers may be found in the core overview section
Financial institutions typically administer the above critical risk management and regulatory mandated policies, procedures and processes on department-developed databases. Different departments (e.g., credit risk management and compliance) typically create, maintain and access their own databases so that client risk information is often fragmented. Furthermore, because different departments are creating, maintaining, and/or accessing different databases, it is a time-consuming task to collate all of the information needed to perform an analysis of risk characteristics or effectiveness measures. Moreover, important information is often not transmitted to other departments and/or the information may become “lost.”
Currently, compliance approval status is not readily accessible by relationship managers. As such, account opening may be unnecessarily delayed pending confirmation of know-your-customer (KYC) status. In addition, KYC information is generally maintained in Word format in multiple booking centers, often resulting in input duplication and redundant record keeping, which further results in information lacking quality and/or quantity. Therefore, a need exists for unified, high quality information that is accessible to multiple departments (and users) throughout a network, such that a database serves as a central information resource for complying with critical risk management and regulatory mandated policies, procedures and processes.